G0115 GOLD SOUTHFIELD

Description

[GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) is a financially motivated threat group active since at least 2018 that operates the [REvil](https://attack.mitre.org/software/S0496) Ransomware-as-a-Service (RaaS). [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) provides backend infrastructure for affiliates recruited on underground forums to perpetrate high-value deployments. By early 2020, [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) started capitalizing on the new trend of stealing data and further extorting the victim to pay to keep that data from being publicly leaked.(Citation: Secureworks REvil September 2019)(Citation: Secureworks GandCrab and REvil September 2019)(Citation: Secureworks GOLD SOUTHFIELD)(Citation: CrowdStrike Evolution of Pinchy Spider July 2021)

References

  1. https://attack.mitre.org/groups/G0115
  2. https://www.secureworks.com/research/revil-sodinokibi-ransomware
  3. https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/
  4. https://www.secureworks.com/blog/revil-the-gandcrab-connection
  5. https://www.secureworks.com/research/threat-profiles/gold-southfield

Software attributed to this · 2

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Software | REvil (s0496) | 100% | live |
| Software | ConnectWise (s0591) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

- Actor: GOLD NORTHFIELD
- Software: REvil
- Actor: GOLD GARDEN
- Actor: GOLD REBELLION
- Actor: GOLD WATERFALL
- Actor: GOLD DUPONT

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.